#!/bin/bash

# The script is designed to address the Zoom vulnerabilities described in CVE-2019-13450:
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13450
#
# In the Zoom Client through 4.4.4, RingCentral 7.0.136380.0312 and Zhumu 4.2.137102.0612 on macOS,  
# remote attackers can force a user to join a video call with the video camera active. 
# This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. 
# 
# NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. 
# Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, 
# deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
#
# The script performs the following actions:
#
# Stops the ZoomOpener, RingCentralOpener and ZhumuOpener processes for the logged-in user.
#
# Sets /Library/Preferences/us.zoom.config.plist to disable Zoom video auto-connection
#
# Checks the existing user folders in /Users for the presence of the Library/Preferences directory.
# Once the Library/Preferences directory is located, the script sets the individual users'
# ~/Library/Preferences/us.zoom.config.plist to disable Zoom video auto-connection.
# 
# Next, the script checks for the presence of the .zoomus, .ringcentralopener
# and .zhumuopener directories in users' home folders. 
# If these directories are detected, the following actions take place:
#
# If present, the .zoomus directory is deleted.
# A file named .zoomus is created.
# The .zoomus file is set to be unreadable and unwritable.
# The .zoomus file is set to be owned by the owner of the home folder.
#
# If present, the .ringcentralopener directory is deleted.
# A file named .ringcentralopener is created.
# The .ringcentralopener file is set to be unreadable and unwritable.
# The .ringcentralopener file is set to be owned by the owner of the home folder.
#
# If present, the .zhumuopener directory is deleted.
# A file named .zhumuopener is created.
# The .zhumuopener file is set to be unreadable and unwritable.
# The .zhumuopener file is set to be owned by the owner of the home folder.

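# Checks to see if any user accounts are currently logged into the console
# (AKA logged into the GUI via the OS loginwindow).

users_logged_in_at_loginwindow=$(who | grep console)

# If a user is logged in, stop the existing ZoomOpener, RingCentralOpener, and
# ZhumuOpener processes for the logged-in user. These are the helper processes
# behind the localhost web server on ports 19421 / 19424 described in the CVE.

if [[ -n "$users_logged_in_at_loginwindow" ]]; then

    # Identify the logged-in user. The awk filter drops "loginwindow", so the
    # result is empty when the console is sitting at the login screen.
    logged_in_user=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')

    # Identify the UID of the logged-in user. It stays empty when no user name
    # was found or the lookup fails, so launchctl is never called with an
    # empty UID argument.
    logged_in_user_uid=""
    if [[ -n "$logged_in_user" ]]; then
        logged_in_user_uid=$(id -u "$logged_in_user" 2>/dev/null)
    fi

    if [[ -n "$logged_in_user_uid" ]]; then
        # pkill exits non-zero when no matching process exists; that is
        # expected on machines where an opener is not running.
        for opener_process in "ZoomOpener" "RingCentralOpener" "ZhumuOpener"; do
            /bin/launchctl asuser "$logged_in_user_uid" /usr/bin/pkill "$opener_process"
        done
        # To verify afterwards, confirm nothing is still listening on the
        # affected ports, e.g.: lsof -nP -iTCP:19421 -sTCP:LISTEN
    else
        echo "Could not determine the logged-in console user; opener processes were not stopped." >&2
    fi
else
    echo "No user accounts are logged in at the login window."
fi


# Applies setting to /Library/Preferences/us.zoom.config.plist to
# prevent Zoom from auto-connecting to video request.
# Writing under /Library requires administrative rights, so the script is
# presumably run as root - confirm for the deployment tool in use.

/usr/bin/defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1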
 
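# Replaces one opener directory (.zoomus, .ringcentralopener or .zhumuopener)
# in a user's home folder with an empty placeholder file of the same name.
#
# Globals (read):
#   USER_HOME                  - home folder being processed
#   USER_UID                   - owner handed to chown for the placeholder
#   stop_zoom_local_webserver  - name of the directory to replace
# Returns:
#   0 when nothing needed doing or the placeholder was created,
#   1 when a global is empty or one of the steps fails.
#
# NOTE(review): the script appears to run as root while working inside
# directories the user controls. The entry could be swapped between the steps
# below, so chown uses -h to avoid following a symbolic link; touch and chmod
# still follow links. The placeholder also sits in the user's own home folder,
# so that user can remove it again - treat it as a mitigation, not a lock.

StopZoomWebServer () {

local target

# Refuse to run with an empty global. An empty directory name would make the
# path below resolve to the home folder itself, which rm -rf would then delete.
if [[ -z "${USER_HOME}" || -z "${USER_UID}" || -z "${stop_zoom_local_webserver}" ]]; then
  echo "StopZoomWebServer: USER_HOME, USER_UID and stop_zoom_local_webserver must all be set." >&2
  return 1
fi

target="${USER_HOME}/${stop_zoom_local_webserver}"

if [[ -d "$target" ]]; then
  # Stop at the first failure: if the directory could not be removed, the
  # remaining steps would otherwise act on the directory itself.
  /bin/rm -rf "$target" || return 1
  /usr/bin/touch "$target" || return 1
  /bin/chmod 000 "$target" || return 1
  /usr/sbin/chown -h "${USER_UID}" "$target" || return 1
fi

return 0

}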

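 # Walks every home folder under /Users, disables Zoom video auto-connection
 # in that user's preferences, and replaces the three opener directories with
 # placeholder files via StopZoomWebServer.
 for USER_HOME in "/Users"/*
  do
    # Skip stray files and an unmatched glob (left as the literal "/Users/*").
    if [[ ! -d "${USER_HOME}" ]]; then
      continue
    fi

    # Despite its name, USER_UID holds the home folder's name, which is
    # handed to chown as the owner.
    # NOTE(review): this assumes the folder name equals the account short
    # name; where it does not, chown fails and the files stay owned by the
    # account running the script - confirm against the fleet.
    USER_UID="${USER_HOME##*/}"
    if [[ "${USER_UID}" != "Shared" ]]; then

      if [[ -d "${USER_HOME}"/Library/Preferences ]]; then
        /usr/bin/defaults write "${USER_HOME}"/Library/Preferences/us.zoom.config.plist ZDisableVideo 1
        # -h changes the entry itself rather than the target of a symbolic
        # link, so a link planted at this path cannot redirect the ownership
        # change to another file.
        /usr/sbin/chown -h "${USER_UID}" "${USER_HOME}"/Library/Preferences/us.zoom.config.plist
      fi

      # StopZoomWebServer reads the directory name from this global.
      for stop_zoom_local_webserver in ".zoomus" ".ringcentralopener" ".zhumuopener"; do
        StopZoomWebServer
      done

    fi
  done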